Skip to main content

Winamp Multiple Vulnerabilities

Last Update Date: 28 Oct 2011 14:58 Release Date: 28 Oct 2011 5831 Views

RISK: Medium Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Winamp, which can be exploited by malicious people to compromise a user's system.

  1. An error in the in_midi.dll plugin when handling the "iOffsetMusic" value within the Creative Music Format (CMF) header can be exploited to cause a heap-based buffer overflow via a specially crafted MIDI file.
  2. An error in the in_mod.dll plugin when handling the "channels" value within the Advanced Module Format (AMF) header can be exploited to cause a heap-based buffer overflow via a specially crafted ".amf" file.
  3. An error in the in_nsv.dll plugin when handling the "toc_alloc" value within the Nullsoft Streaming Video (NSV) header can be exploited to cause a heap-based buffer overflow via a specially crafted ".nsv" file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
 


Impact

  • Remote Code Execution

System / Technologies affected

  • Winamp 5.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 5.622.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link